Another 10.0 vulnerability in Endpoint Manager Mobile

B2B Cyber Security ShortNews


After the first CVSS 10.0 vulnerability in Ivanti Endpoint Manager Mobile (EPMM) in July, the BSI is again warning of another vulnerability rated 10.0. This time, CVE-2023-35082 affects all versions of EPMM. A script to close the vulnerability is available; however, old end-of-life versions can no longer be protected and must be upgraded.

After the Federal Office for Information Security (BSI) already warned in July of a vulnerability in Endpoint Manager Mobile (EPMM, formerly MobileIron Core), the manufacturer Ivanti has now published information about another security flaw. The vulnerability is listed under Common Vulnerabilities and Exposures (CVE) number CVE-2023-35082 and again carries a CVSS score of 10.0, the highest possible rating, making it critical.

Authentication bypass possible again

While only older versions of EPMM were listed as affected by the first vulnerability, CVE-2023-35082 now affects all versions across the board. The vulnerability is similar to the recently discovered and actively exploited CVE-2023-35078: it allows an unauthenticated attacker from the Internet to reach API endpoints that should require authentication (an authentication bypass). Access to the API can be used to obtain personal information such as names, phone numbers and other user details, or to make limited configuration changes. This is how the BSI describes it in its current security warning, published as a PDF.

Update script can only be used for new versions!

For the affected product versions of EPMM or MobileIron Core 11.3 through 11.10, Ivanti provides a script to close the vulnerability. No mitigation is available for end-of-life versions 11.2 and lower; these must be upgraded to a supported version, preferably 11.10. A customer login is required to access the extended information on the Ivanti website.
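The version boundaries above are easy to get wrong when checked by hand or with a naive string comparison ("11.10" sorts before "11.3" as text). The following triage helper is an added example, not Ivanti's script or code from the original article; it assumes that only the first two numeric components of an EPMM version string decide which of the two cases in the notice applies, and the inventory it runs over is constructed for illustration.

```python
"""Triage EPMM / MobileIron Core versions against the CVE-2023-35082 notice.

Added example. Assumption: the mitigation script covers 11.3 through 11.10
inclusive and 11.2 and lower are end-of-life, as stated in the notice above;
anything newer than 11.10 is not covered by this notice and is flagged for
a manual check against Ivanti's advisory.
"""
from __future__ import annotations

SCRIPT_MIN = (11, 3)      # lowest version the mitigation script applies to
SCRIPT_MAX = (11, 10)     # highest version the mitigation script applies to
RECOMMENDED = "11.10"     # upgrade target for end-of-life installations

END_OF_LIFE = "end-of-life"
SCRIPT = "apply-mitigation-script"
UNKNOWN = "not-covered-by-notice"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '11.10.0.2' into (11, 10, 0, 2).

    Numeric tuples compare correctly; comparing the raw strings would
    rank '11.10' below '11.3' and misclassify a patchable system.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def triage(version: str) -> str:
    """Classify one version string into one of the three outcomes above."""
    major_minor = parse_version(version)[:2]
    if major_minor < SCRIPT_MIN:
        return END_OF_LIFE
    if major_minor <= SCRIPT_MAX:
        return SCRIPT
    return UNKNOWN


def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by required action; unparsable versions are listed
    under 'invalid-version' so they are not silently skipped."""
    groups: dict[str, list[str]] = {}
    for host, version in inventory.items():
        try:
            action = triage(version)
        except ValueError:
            action = "invalid-version"
        groups.setdefault(action, []).append(host)
    return groups


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "epmm-eu-01": "11.10.0.1",
    "epmm-eu-02": "11.3.0.2",
    "epmm-legacy": "11.2.1.0",
    "epmm-lab": "11.11.0.0",
    "epmm-broken": "11.x",
}

if __name__ == "__main__":
    for action, hosts in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{action}: {', '.join(sorted(hosts))}")
    print(f"end-of-life hosts must be upgraded to {RECOMMENDED}")
```

Run it against a real export of your EPMM appliance versions; anything in the end-of-life group needs an upgrade rather than the script, and the unparsable bucket is where mislabeled or unknown appliances tend to surface.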

More at Ivanti.com

About Ivanti

The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.
